
How to spot a phishing email

Tell-tale signs that what you’ve received in your inbox isn’t what it seems, and tips on what to do when you get phished

The introduction of email has totally overhauled how we communicate with each other, offering instant access to our friends, family and colleagues. But with this shift has come new opportunities for fraudsters to try and steal our personal data and money via phishing scams, which are usually sent via email. A proper spam filter, such as the BullGuard Spamfilter, can cut down on a lot of additional messages, but there are still some additional things that you should look out for. Expert Reviews has teamed up with BullGuard to bring you these essential tips for avoiding falling prey to the phishers.

1. Don’t engage with unknown or untrusted senders

The key to a successful phishing campaign is getting you, the chosen victim, to trust that the email you’ve received is from a legitimate sender. So rule one of protecting yourself against phishing scams is never respond to or follow the instructions from a sender you don’t know and trust. If you’ve got a great email scanning system in place, for example the BullGuard Spamfilter, that determines whether a message is genuine, spam or a phishing attempt, these messages should end up in your junk folder anyway. But some will slip through to your inbox so it’s really important that if you get an email from somebody you don’t know or an organisation you haven’t subscribed to, treat it with caution and be very wary of the information you choose to then share. Any half-decent organisation will only send out marketing emails using proper English so if the language used sounds confused, or there are spelling and grammar errors, that’s a warning sign this might be a phishing scam. And remember, if an email sounds too good to be true – offering you a free iPad or worldwide cruise in exchange for clicking the link and filling in a few details – it probably is a scam.


2. What if this email comes from a company I’m familiar with? 

This is a key trick of the phishers. Rather than sending their message from a dubious-looking individual or fake company, they will set up a system that lets them contact you via an ‘official’ and trusted brand, such as an online firm like eBay or PayPal, a bank like HSBC or a well-known company like Apple. This typically works as follows. You’ll receive an email from ‘HSBC’ with anything from a request to update your details to an urgent warning that you’ve been the victim of online fraud. In order for your ‘bank’ to carry out the required action, you just need to click the link in the email, which will actually take you to a fake site. Often this link will be slightly different to the legitimate organisation, for example rather than There, you will be asked to enter some personal details, which are then collected by the phishers. Once you’ve entered details such as your name, address, postcode, bank account number and password, the phishers have everything they need to empty out your account.

The main thing to remember is that legitimate organisations would never request sensitive personal and financial information in this way, as they would want you to keep yourself safe online and help protect your data. If you get this kind of email but aren’t sure whether it’s legitimate, or are worried that you have been hacked or need to update your details, give the company in question a call through your normal contact number to verify the message before entering any information or replying. Don’t click on the link – instead visit the company’s site by typing in the URL you normally use to visit them. You should also check the URL to see if it’s a secure site, as any legitimate outfit will use https:// for sensitive pages like bank accounts or other online accounts, and there’ll be a padlock or key icon in the browser bar which should match the name of the organisation in the URL if you double click it.

3. What about opening attachments?

This is another danger area when it comes to untrusted sources. Phishers will send out emails that appear to be from a legitimate organisation or person, which ask you to open an attachment to view a document or other file. This file is likely to contain malicious code that you will be introducing onto your computer, and could result in the fraudster gaining access to your machine to then discover your personal data. Be extremely cautious when receiving emails with attachments and the hard and fast rule is – if you don’t recognise the sender or expect to get a file from them, just hit delete or make that call to check if it’s a genuine message. Ten minutes on the phone is a small price to pay to keep your data safe and your money in your account.

4. What’s the difference between phishing and spear phishing?

Phishing at its most basic entails a fraudster sending out a legitimate-looking email aimed at gathering personal and financial data from unsuspecting internet users. The aim is to gather this information and use it to empty out your bank account or make online purchases. Spear phishing is an advanced approach to phishing, which sees fraudsters target individuals at certain companies to try and access a secure part of the targeted organisation or obtain sensitive details. 

This is an independent guide from the Expert Reviews editorial team. This content was produced to the same impartial standards as the main content on our site but paid for by BullGuard.
